CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2020-13405
https://notcve.org/view.php?id=CVE-2020-13405
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. El archivo userfiles/modules/users/controller/controller.php en Microweber versiones anteriores a 1.1.20, permite a un usuario no autenticado divulgar la base de datos de usuarios por medio de una petición POST de /modules/ • https://github.com/mrnazu/CVE-2020-13405 https://github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6 https://rhinosecuritylabs.com/research/microweber-database-disclosure • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2018-19917 – Microweber 1.0.8 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-19917
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. Microweber 1.0.8 tiene vulnerabilidades de Cross-Site Scripting (XSS) reflejado. Microweber version 1.0.8 suffers from reflected cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/151005/Microweber-1.0.8-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Jan/12 http://seclists.org/fulldisclosure/2019/Jan/25 https://github.com/microweber/microweber/commits/master https://www.netsparker.com/web-applications-advisories/ns-18-038-reflected-cross-site-scripting-in-microweber • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •